Re: [patch] ipvs: info leak in __ip_vs_get_dest

To:	Dan Carpenter <dan.carpenter@xxxxxxxxxx>
Subject:	Re: [patch] ipvs: info leak in __ip_vs_get_dest_entries()
Cc:	Wensong Zhang <wensong@xxxxxxxxxxxx>, Simon Horman <horms@xxxxxxxxxxxx>, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>, Patrick McHardy <kaber@xxxxxxxxx>, Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>, "David S. Miller" <davem@xxxxxxxxxxxxx>, netdev@xxxxxxxxxxxxxxx, lvs-devel@xxxxxxxxxxxxxxx, netfilter-devel@xxxxxxxxxxxxxxx, netfilter@xxxxxxxxxxxxxxx, coreteam@xxxxxxxxxxxxx, kernel-janitors@xxxxxxxxxxxxxxx
From:	Julian Anastasov <ja@xxxxxx>
Date:	Mon, 3 Jun 2013 23:00:46 +0300 (EEST)

        Hello,

On Mon, 3 Jun 2013, Dan Carpenter wrote:

> The entry struct has a 2 byte hole after ->port and another 4 byte
> hole after ->stats.outpkts.  You must have CAP_NET_ADMIN in your
> namespace to hit this information leak.
> 
> Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>

Acked-by: Julian Anastasov <ja@xxxxxx>

> diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
> index df05c1c..e336535 100644
> --- a/net/netfilter/ipvs/ip_vs_ctl.c
> +++ b/net/netfilter/ipvs/ip_vs_ctl.c
> @@ -2542,6 +2542,7 @@ __ip_vs_get_dest_entries(struct net *net, const struct 
> ip_vs_get_dests *get,
>               struct ip_vs_dest *dest;
>               struct ip_vs_dest_entry entry;
>  
> +             memset(&entry, 0, sizeof(entry));
>               list_for_each_entry(dest, &svc->destinations, n_list) {
>                       if (count >= get->num_dests)
>                               break;

Regards

--
Julian Anastasov <ja@xxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe lvs-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

<Prev in Thread]	Current Thread	[Next in Thread>
[patch] ipvs: info leak in __ip_vs_get_dest_entries(), Dan Carpenter Re: [patch] ipvs: info leak in __ip_vs_get_dest_entries(), Julian Anastasov <= Re: [patch] ipvs: info leak in __ip_vs_get_dest_entries(), Simon Horman Re: [patch] ipvs: info leak in __ip_vs_get_dest_entries(), Dan Carpenter Re: [patch] ipvs: info leak in __ip_vs_get_dest_entries(), Simon Horman Re: [patch] ipvs: info leak in __ip_vs_get_dest_entries(), Pablo Neira Ayuso

Previous by Date:	[patch] ipvs: info leak in __ip_vs_get_dest_entries(), Dan Carpenter
Next by Date:	Re: [patch] ipvs: info leak in __ip_vs_get_dest_entries(), Simon Horman
Previous by Thread:	[patch] ipvs: info leak in __ip_vs_get_dest_entries(), Dan Carpenter
Next by Thread:	Re: [patch] ipvs: info leak in __ip_vs_get_dest_entries(), Simon Horman
Indexes:	[Date] [Thread] [Top] [All Lists]

Re: [patch] ipvs: info leak in __ip_vs_get_dest_entries()